Data Breaches Bring Blackstone Investment Into Play

A Blackstone Group summer investment is playing a leading role in analyzing a string of retail data breaches, such as those that occurred at Target Corp. and Neiman Marcus Group.

Dallas cybersecurity company iSight Partners Inc., which received an investment from Blackstone, has been working with the U.S. Department of Homeland Security as investigators continue to analyze the breaches. Together, with Homeland Security, the company privately issued a report to financial-services and retail companies on details behind the breaches.

Separately, iSight released its own public report on Thursday, highlighting some of the findings, including that the attacks may have involved multiple groups of hackers using a sophisticated piece of software code known as Kaptoxa.

“What’s really unique about this one is it’s the first time we’ve seen the attack method at this scale,” Tiffany Jones, a senior vice president at iSight, said to The Wall Street Journal. “It conceals all the data transfers. It makes it really hard to detect in the first place.”

ISight’s role amid the cyber attacks comes after receiving support from Blackstone in July in the form of an investment and a partnership. The New York private equity firm invested an undisclosed sum using its own money—as opposed to one of its private equity funds—to support the release of new cybersecurity products. Meanwhile, iSight agreed to provide Blackstone’s portfolio companies with its software.

The investment reflects a heightened awareness of an evolving cyberthreat.

“In the past it was about taller, stronger defenses,” said Bill Murphy Blackstone’s chief technology officer. “The right way to protect yourself is to understand the threat landscape that much more effectively than you did before so that you can apply the defenses to the right places.”

Blackstone opted to back iSight because it believes cybersecurity goes beyond stopping the attacks.

“Even if you thwart an attack, you want to be able to identify [who is behind the breach] and say whether they are sophisticated, coming back and what techniques they’re going to employ so you can reorient your defense strategies,” said Mr. Murphy.

ISight and similar companies stand to gain a more prominent role in cybersecurity as awareness spreads from already disclosed breaches. Target, for example, said 40 million credit- and debit-card accounts and personal data for 70 million people were compromised. In response, banks like J.P. Morgan Chase & Co. have been in contact with customers at risk.

“The bigger path for [iSight] is around increasing market awareness,” said Mr. Murphy. “There’s an awaking in the market and a growing awareness to these types of threats.”